Lucene search
PRIOn knowledge basePRION:CVE-2023-23625HistoryFeb 09, 2023 - 9:15 p.m.
Design/Logic Flaw
2023-02-0921:15:00
PRIOn knowledge base
www.prio-n.com
1
unix-like filesystem
ipld merkledag
panics
memory leaks
hamt directories
upgrade
untrusted user input
0.001 Low
EPSS
Percentile
38.0%
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.
Related
cve
cve
CVE-2023-23625
2023-02-09 21:15:11
cvelist
cvelist
CVE-2023-23625 Denial of service in HAMT Decoding in go-unixfs
2023-02-09 20:57:22
osv
osv
Denial of service via HAMT Decoding Panics
2023-02-10 23:08:06
Denial of service via HAMT decoding panic in github.com/ipfs/go-unixfs
2023-02-14 19:34:46
CVE-2023-23625
2023-02-09 21:15:11
veracode
veracode
Denial Of Service (DoS)
2023-02-14 02:05:48
nvd
nvd
CVE-2023-23625
2023-02-09 21:15:11
github
github
Denial of service via HAMT Decoding Panics
2023-02-10 23:08:06